HactivityCon 2021 CTF Writeup

OPA Secrets challenge (category: web, level: hard)

OPA Secrets Challenge

Step 1: Opening the challenge brings up a login screen.

Login Screen

Step 2: We first need to set up an account in order to access the OPA Secrets portal, so sign up with any random username and password.

Sign Up Screen

Step 3: Now log in using the credentials of the newly created account.

Step 4: After logging in, the OPA Secrets dashboard comes up.

OPA Secrets Dashboard

Step 5: There are 2 tabs on the dashboard. The Secrets tab provides the functionality to create and save our secrets. The Security tab gives us info about the algorithm that is used to keep these secrets secure. It also mentions a GitHub link where we can see the source code of this open source OPA Secrets algorithm.

Step 6: Open the GitHub link (congon4tor/opa_secrets: Secret manager using Open Policy Agent (github.com)) and open the app.py script (opa_secrets/app/app.py).

app.py Script

Step 7: Now carefully observe the script. We can see that 3 different users have been created
